Hello,
I have Splunk 8.0.1 installed on Ubuntu 18.04.4 LTS. I can connect to port 8000 from the same server with any URL (localhost, 127.0.0.1, server name, server IP address). I can see the login page if I use SSH tunneling, connecting from a remote host with a redirect to localhost:8000. But I cannot connect from a remote host by entering any valid URL in the browser - the connection times out.
I have no firewall on my server. I have all Splunk services running and all service ports listening. I can see incoming packets with tcpdump - but no replies. I can connect to other services (SSH and Apache, for example) on my server.
There are no errors in log files - and no events for incoming connections in web_access.log.
What else have I to check?
Best regards,
Cyril
Allow the traffic in your firewall, e.g. iptables. Keep in mind that tcpdump is in front of iptables, so it will see traffic even if iptables drops it.
Hi Martin,
There is no firewall in effect on the server, as I mentioned above. That is not the point.
Best regards,
Cyril
UPDATE: Well, I was completely wrong. After some additional investigation I found that the negative output of "systemctl status iptables" and "service status iptables" on this server means nothing. Thanks to the guy that has installed and tuned it this way. Resetting the default policy to ACCEPT did the thing. Thanks, Martin.
A default policy of accept may be undesirable in most environments.
This server is a quick solution for temporary use in an isolated environment - so it does not matter much. Then it will be reinstalled.
Just an add-on:
What kind of system do you have? E.g. RedHat currently uses firewalld by default - so you won't find any iptables-service. Maybe "the guy that has installed [...] this" is not that bad 😉
Look at the initial post. It's Ubuntu 18.04, upgraded from 16.04. It uses ufw by default (and, of course, I've checked the 'ufw status' output), and I've tried other options like 'firewall-cmd --state'. So I still think that this kind of 'stealth' firewall configuration is not the best way to operate.
Yes, right, I read that Ubuntu 18.04 - and then immediately forgot it - my bad 😉
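Added example, not part of the thread: the service status checks discussed above say nothing about the rules actually loaded in the kernel, so this sketch reads `iptables -S INPUT` output and reports what happens to a new remote TCP connection to a given port. The function name `input_verdict` and the sample ruleset are constructed for illustration; the sample is one ruleset that would produce the symptoms described (SSH and Apache reachable, port 8000 timing out, localhost working).

```shell
#!/bin/sh
# Constructed sample of `iptables -S INPUT` output (not taken from the thread).
SAMPLE_RULES='-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT'

# input_verdict PORT: reads `iptables -S INPUT` text on stdin and prints what
# happens to a NEW TCP connection from a remote host to PORT.
# Simplified first-match walk: user-defined chains are not followed, and rules
# with -s, -d or "!" are reported as UNKNOWN instead of being guessed.
input_verdict() {
    awk -v port="$1" '
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 != "-A" || $2 != "INPUT" || hit { next }
    {
        n++; proto = ""; dport = ""; target = ""; skip = 0; odd = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            else if ($i == "--dport") dport = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
            else if ($i == "-i" && $(i + 1) == "lo") skip = 1   # loopback only
            else if (($i == "--ctstate" || $i == "--state") && $(i + 1) !~ /NEW/) skip = 1
            else if ($i == "-s" || $i == "-d" || $i == "!") odd = 1
        }
        if (skip || (proto != "" && proto != "tcp" && proto != "all")) next
        if (dport != "") {
            c = split(dport, r, ":"); lo = r[1]; hi = (c == 2) ? r[2] : r[1]
            if (port + 0 < lo + 0 || port + 0 > hi + 0) next
        }
        if (target == "LOG" || target == "") next               # non-terminating
        if (odd || target !~ /^(ACCEPT|DROP|REJECT)$/) target = "UNKNOWN"
        print target " (rule " n ")"; hit = 1
    }
    END { if (!hit) print policy " (default policy)" }
    '
}

# On a live host (as root): iptables -S INPUT | input_verdict 8000
printf '%s\n' "$SAMPLE_RULES" | input_verdict 8000
```

A `DROP (default policy)` result for the Splunk port is fixed more narrowly by adding an ACCEPT rule for that port than by switching the whole chain policy to ACCEPT.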